Posted: 2021-07-01 10:21:17    Helped: 23 readers
<code><?php
@session_start();     // Start a new session, if not already created (tracking later?)
@set_time_limit(0);   // May run long at times, remove time limits on script execution time
$sess = session_id(); // Current Session ID, use tbd...
// Send unauthenticated users to the login page. The original paste had no exit after
// header(): PHP keeps running after a Location header, so the task actions below would
// still execute for a client that simply ignores the redirect. The exit closes that.
if(empty($_SESSION['authenticated'])) {
    header("Location: /sqlmap/admin/login.php");
    exit;
}
// Establish Admin ID to manage tasks. The sqlmap API server's admin ID is 32 characters,
// which is why anything of a different length (e.g. a 40-character SHA-1 hex digest) is dropped here.
if((isset($_POST['myAdminID'])) && (strlen(trim($_POST['myAdminID'])) == 32)) {
    $_SESSION['myAdminID'] = trim($_POST['myAdminID']);
}
include("../inc/config.php");
include("../inc/SQLMAPClientAPI.class.php");
$salt = "!SQL!"; // Salt for form token hash generation
// CSRF nonce only, not a credential: mt_rand() is not a CSPRNG and 1..1000000 gives just a
// million possible values. Note that nothing in this file compares $_POST['token'] with
// $_SESSION['token'], so as shown the token is generated but never verified.
$token = sha1(mt_rand(1, 1000000) . $salt); // Generate CSRF Token Hash
$_SESSION['token'] = $token; // Set CSRF Token for Form Submit Verification
$taskConfig = array();
if(isset($_SESSION['myAdminID'])) {
    $sqlmap = new SQLMAPClientAPI();
    if((isset($_GET['task'])) && (trim($_GET['task']) != "")) {
        $actionTaskId = trim($_GET['task']);
        if(isset($_GET['action'])) {
            switch(trim($_GET['action'])) {
                case "conf": // Show Config for specified Task ID
                    $taskConfig = $sqlmap->listOptions($actionTaskId); // Stored for display further down
                    break;
                case "stop": // Stop a specified running Task ID
                    $sqlmap->stopScan($actionTaskId);
                    break;
                case "kill": // Forcefully Kill a specified running Task ID
                    $sqlmap->killScan($actionTaskId);
                    break;
                case "del": // Delete a specified Task ID
                    $sqlmap->deleteTaskID($actionTaskId);
                    break;
                default: // Do Nothing if nothing is specified...
                    break;
            }
        }
    }
}
?>
<!DOCTYPE html>
<html>
<head>
<title id="ttl">SQLMAP Web GUI - Admin Panel</title>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
</head>
<body>
<br>
<?php
/*
Need ability to set Admin level taskID
Need ability to change during session if desired (reboot/restarts)
Admin Functionality Needed:
    List all available tasks
    List Configuration Options for Task by Task ID
    Stop scan by Task ID
    Kill scan by task ID
    Delete task by task ID
    Delete ALL tasks
*/
echo "<h1 align=\"center\">SQLMAP Web GUI - Admin Panel</h1>";
if(isset($_SESSION['myAdminID'])) {
    $taskList = $sqlmap->adminListTasks(trim($_SESSION['myAdminID']));
    if(!$taskList) {
?>
<br>
[WARNING] '<?php echo htmlentities(trim($_SESSION['myAdminID']), ENT_QUOTES, 'UTF-8'); ?>' - Appears to be an Invalid Admin ID!<br>
<br>
<?php
    } else {
?>
<br>
<h4>
<b>Admin ID:</b> <?php echo htmlentities(trim($_SESSION['myAdminID']), ENT_QUOTES, 'UTF-8'); ?><br>
<b>Total Number of Known Tasks:</b> <?php echo htmlentities($taskList['tasks_num'], ENT_QUOTES, 'UTF-8'); ?><br>
</h4>
<br><br>
<?php
        if((isset($_GET['task'])) && (isset($_GET['action'])) && (trim($_GET['action']) == "conf")) {
            echo '<br /><br>';
            echo '<label for="task_configuration_textarea">ScanID: ' . htmlentities(trim($_GET['task']), ENT_QUOTES, 'UTF-8') . ', API Scan Configuration</label>';
            echo '<textarea class="form-control" id="task_configuration_textarea" rows="20">';
            echo "[*] API Scan Configuration:\n";
            // $taskConfig was already fetched by the "conf" action above. print_r() with
            // return=true, then escape the string: the original handed the array to
            // htmlentities() and passed ENT_QUOTES as print_r()'s second argument.
            $options = isset($taskConfig['options']) ? $taskConfig['options'] : array();
            echo htmlentities(print_r($options, true), ENT_QUOTES, 'UTF-8');
            echo '</textarea><br>';
        } else {
?>
<table class="table table-hover" id="adminTasksDisplayTable">
<thead>
<tr>
<th>TaskID</th>
<th>Target</th>
<th>Status</th>
<th colspan="5">Options</th>
</tr>
</thead>
<tbody>
<?php
            foreach($taskList['tasks'] as $t) {
                $status = $sqlmap->checkScanStatus($t);
                $taskConfig = $sqlmap->listOptions($t);
                $linkTask = urlencode($t);
                echo "<tr><td>" . htmlentities($t, ENT_QUOTES, 'UTF-8') . "</td>";
                // Target: host part of the task's URL, when the API knows a configuration
                if(sizeof($taskConfig) > 0) {
                    $targetHost = parse_url($taskConfig['options']['url'], PHP_URL_HOST);
                    echo "<td>" . htmlentities($targetHost, ENT_QUOTES, 'UTF-8') . "</td>";
                } else {
                    echo "<td> - </td>";
                }
                // Status as reported by the API
                if(isset($status['status'])) {
                    echo "<td>" . htmlentities($status['status'], ENT_QUOTES, 'UTF-8') . "</td>";
                } else {
                    echo "<td> - </td>";
                }
                // Options: links back to this page; the task/action pair is handled at the top
                // of the file (link targets reconstructed from that handler, the paste had lost them)
                echo "<td><a href=\"index.php?task=" . $linkTask . "&amp;action=conf\">Conf</a></td>";
                if(isset($status['status']) && $status['status'] == 'running') {
                    echo "<td><a href=\"index.php?task=" . $linkTask . "&amp;action=stop\">Stop</a></td>";
                    echo "<td><a href=\"index.php?task=" . $linkTask . "&amp;action=kill\">Kill</a></td>";
                } else {
                    echo "<td> - </td>";
                    echo "<td> - </td>";
                }
                echo "<td><a href=\"index.php?task=" . $linkTask . "&amp;action=del\">Del</a></td>";
                echo "</tr>";
            }
?>
</tbody>
</table>
<?php
        }
    }
} else {
?>
<br>
[WARNING] NO Admin ID Set!<br>
<br>
<form class="form-horizontal" role="form" id="myAdminID" action="/sqlmap/admin/index.php" method="POST">
<!-- Hidden CSRF token. The value the PHP actually reads is myAdminID; that text input is
     reconstructed from the $_POST['myAdminID'] check at the top of the file. -->
<input type="hidden" name="token" value="<?php echo $token; ?>">
<input type="text" name="myAdminID" maxlength="32" placeholder="Admin ID printed by the sqlmap API server">
<input type="submit" value="Set Admin ID">
</form>
<?php
}
?>
<br><br><br>
Logout<br>
Want to learn more about SQLMAP, Visit the Project Page!<br>
SQLMAP Web Operator Copyright © 2015, Coded By: HR, All rights reserved.<br>
<br><br>
</body>
</html>
</code>
This is the code of the admin panel's home page (index.php); the account and password are hard-coded in config.php as admin / admin. After logging into the panel it shows [WARNING] NO Admin ID Set! and then asks me to enter an encrypted token string. The token ciphertext seems to be
<code>$salt = "!SQL!"; // Salt for form token hash generation
$token = sha1(mt_rand(1, 1000000) . $salt); // Generate CSRF Token Hash
$_SESSION['token'] = $token; // Set CSRF Token for Form Submit Verification</code>
which is the SHA-1 of a number from 1 to 1000000 with the SALT appended. Then, in
<code>[WARNING] NO Admin ID Set!<br>
<form class="form-horizontal" role="form" id="myAdminID" action="/sqlmap/admin/index.php" method="POST">
<input type="hidden" name="token" value="<?php echo $token; ?>">
</form></code>
I found the statement that outputs the token, viewed the page source in the browser, and entered that ciphertext, but it still does not work. How do I get past this? Thanks!!
You pass myAdminID via POST, but the question is: how is the myAdminID you type in supposed to be produced?
That token is there to prevent CSRF; it is not used to produce myAdminID. As for where myAdminID should come from, look at this line of code:
<code>$sqlmap->adminListTasks(trim($_SESSION['myAdminID']));</code>
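Added example, written for this page and not taken from the question, the answer, the SQLMAP Web GUI or sqlmap itself. It reproduces the token construction the question quotes and walks a POSTed myAdminID value through the same checks index.php applies, which is the point the answer makes: the hidden token is a CSRF nonce, and the form wants the admin ID of the sqlmap API server. Assumptions not stated on the page: the admin ID is modelled as 16 random bytes hex-encoded (32 characters, the length the PHP check requires); the API's admin task list is simulated locally instead of being fetched over HTTP; the reply keys `success`, `tasks` and `tasks_num` are the ones index.php reads from `adminListTasks()`, and the failure reply is an assumption. The sample task ID is constructed.

```python
# Added example (not code from the original post, the SQLMAP Web GUI or sqlmap).
# Assumptions: admin ID = 16 random bytes as 32 hex characters; the API admin
# task list is simulated locally; the "Unauthorized" failure reply is assumed.
import hashlib
import hmac
import os
import random
from typing import Optional

SALT = "!SQL!"              # $salt = "!SQL!" in index.php
TOKEN_SEED_MAX = 1_000_000  # mt_rand(1, 1000000) in index.php
ADMIN_ID_LEN = 32           # strlen(trim($_POST['myAdminID'])) == 32 in index.php


def php_csrf_token(seed: int) -> str:
    """Same construction as $token = sha1(mt_rand(1, 1000000) . $salt)."""
    return hashlib.sha1(f"{seed}{SALT}".encode("utf-8")).hexdigest()


def fresh_csrf_token() -> str:
    """What the page does on every load: a new token from a new random seed."""
    return php_csrf_token(random.randint(1, TOKEN_SEED_MAX))


def recover_token_seed(token: str) -> Optional[int]:
    """Enumerate every seed mt_rand(1, 1000000) can produce. A million SHA-1
    calls find the seed behind any captured token, so the token is a
    short-lived CSRF nonce and never a credential worth pasting anywhere."""
    for seed in range(1, TOKEN_SEED_MAX + 1):
        if php_csrf_token(seed) == token:
            return seed
    return None


def passes_admin_id_length_check(candidate: str) -> bool:
    """First gate in index.php: the POSTed value must be exactly 32 characters
    after trim(). A SHA-1 hex digest is 40 characters, so the token from the
    page source is discarded here before any API call is made."""
    return len(candidate.strip()) == ADMIN_ID_LEN


class SimulatedSqlmapApi:
    """Stand-in for the sqlmap REST API's admin-only task list (assumed shape)."""

    def __init__(self, tasks: dict):
        # Generated once when the API server starts and printed on its console;
        # this is the value the panel's myAdminID form is waiting for.
        self.admin_id = os.urandom(16).hex()
        self._tasks = dict(tasks)

    def admin_list_tasks(self, candidate_id: str) -> dict:
        # Constant-time comparison so the check itself leaks nothing about the ID.
        if not hmac.compare_digest(candidate_id.encode("utf-8"), self.admin_id.encode("utf-8")):
            return {"success": False, "message": "Unauthorized"}
        return {"success": True, "tasks": sorted(self._tasks), "tasks_num": len(self._tasks)}


def try_admin_id(api: SimulatedSqlmapApi, candidate: str) -> str:
    """Mirror index.php's decision path for a value POSTed as myAdminID."""
    if not passes_admin_id_length_check(candidate):
        return "[WARNING] NO Admin ID Set!"  # length check failed, session untouched
    reply = api.admin_list_tasks(candidate.strip())
    if not reply.get("success"):
        return "[WARNING] '%s' - Appears to be an Invalid Admin ID!" % candidate.strip()
    return "Total Number of Known Tasks: %d" % reply["tasks_num"]


if __name__ == "__main__":
    # Constructed sample: one task with a 16-hex-character ID.
    api = SimulatedSqlmapApi({"f1b2f1b2f1b2f1b2": {"url": "http://target.test/?id=1"}})
    token = fresh_csrf_token()
    print("CSRF token:", token, "(%d chars)" % len(token))
    print("seed behind it:", recover_token_seed(token))
    print("pasting the token:   ", try_admin_id(api, token))
    print("pasting the admin ID:", try_admin_id(api, api.admin_id))
```

Running it shows the three facts the thread turns on: the token is 40 characters and fails the 32-character check outright, its seed is recovered from the one million candidates in well under a minute, and only the 32-character admin ID is accepted by the task list. In a real deployment that ID is the one `sqlmapapi.py -s` prints when the API server starts; nothing on the panel's pages can produce it.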